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Chapter 1 



Introduction 



Welcome to the AT-8700XL Series Advanced Fast Ethernet Switch, combining 
wire speed Layer 2 and Layer 3 switching with Quality of Service (QoS) 
features such as traffic classifiers and bandwidth limiting. 



Why Read This User Guide? 



This User Guide describes how to get started accessing the switch's Command 
Line Interface (CLI) and its Graphical User Interface (GUI), and provides an 
overview of Layer 2 and Layer 3 switching features. For more detailed 
descriptions of all commands and display outputs see the AT-8700XL Series 
Software Reference. The user guide is organised into the following chapters: 

■ Chapter 1, Introduction introduces the AT-8700XL Series Switch and gives an 
overview of the features of the AT-8700XL Series Switch and its 
documentation. 

■ Chapter 2, Getting Started describes how to gain access to the switch's 
command line and graphical user interfaces. 

■ Chapter 3, Operating the Switch introduces general operation, management 
and support features, including user authentication, loading and installing 
support files, and SNMP MIBs. 

■ Chapter 4, Layer 2 Switching describes how to configure Layer 2 switching 
features, including switch ports, VLANs and STP. A full description of 
Layer 2 switching is provided in the AT-8700XL Series Software Reference. 

■ Chapter 5, Maintenance and Troubleshooting describes some of the commands 
you can use to monitor the switch and diagnose faults. 
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Where To Find More Information 



Before installing the switch and any expansion options, read the important 
safety information in the Safety and Statutory Information booklet. Follow the 
Quick Install Guides step-by-step instructions for physically installing the switch 
and its expansion options. The Hardware References give detailed information 
about the equipment hardware. Once you are familiar with the basic 
operations of the switch, use the Software Reference for full command syntax 
descriptions and for full descriptions of the switch's software routing features. 

The latest versions of user documentation for the AT-8700XL family of switches 
can be downloaded from the on-line support site at 

http://www.alliedtelesyn.co.nz/support/at8700xl . The documentation set for the 
AT-8700XL Series includes: 

■ AT-8700XL Series Safety and Statutory Information 

■ AT-8700XL Series Quick Install Guide 

■ AT-8700XL Series Documentation and Tools CD-ROM, which includes the 
following PDF documents: 

• AT-8700XL Series Safety and Statutory Information 

• AT-8700XL Series Quick Install Guide, 

• AT-8700XL Series Hardware Reference 

• AT-8700XL Series Software Reference 

• Uplink Module Quick Install Guide 

• Uplink Module Hardware Reference 



Technical support 

For on-line support for your switch, see our on-line support page at 
http://www.alliedtelesyn.co.nz/support/at8700xl . If you require further assistance, 
contact your authorised Allied Telesyn distributor or reseller. 

The support page will also contain the latest release of the switch software. The 
LOAD command can be used to download software upgrades directly from 
the Allied Telesyn web site to the switch's FLASH memory. Use the SET 
INSTALL command to enable the new software release ("Example: Install Soft- 
ware Upgrade for AT-8700XL Switch" on page 20). 
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What Can the AT-8700XL Switch Do? 

Software support for AT-8700XL Series Switches provides wirespeed Layer 2 
and Layer 3 switching, including support for Virtual LANs. 

Switching Features 

The main Layer 2 features of the switch are: 

■ High performance, wire-speed Layer 2 switching ("Layer 2 Switching" on 
page 25). 

■ Packet Forwarding at wire speed. 

■ Store and Forward switching mode. 

■ Autonegotiation of link speed and duplex mode for 10/100 Mbps speed on 
all 100BASE TX ports ("Autonegotiation of Port Speed and Duplex Mode" on 
page 26). 

■ Automatic, configurable MAC address learning and ageing, supporting up 
to 255 static MAC addresses per switch. 

■ Switch Filtering. 

■ Layer 3 Filtering (Switching chapter in the AT-8700XL Series Software 
Reference. 

■ Broadcast Storm Protection ("Packet Storm Protection" on page 26). 

■ Virtual LANs defined by port membership ("Virtual Local Area Networks 
(VLANs)" on page 27). 

■ Spanning Tree Protocol and Rapid Spanning Tree Protocol ("Spanning Tree 
Protocol (STP)" on page 30). 

■ Classifiers to sort traffic for QoS and hardware filtering 

■ Quality of Service 

• DSCP configuration enabling management of DiffServ domains 

• Priority queuing 

• Bandwidth limiting 

■ Port trunking to spread traffic over several links ("Port Trunking" on 
page 26). 

■ Port mirroring ("Port Mirroring" on page 26). 

■ IP Multicasting 

• Internet Group Management Protocol (IGMP) 

• IGMP snooping 

• IGMP proxy 

• Multicast VLAN Registration 
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Routing Features 

In addition to Layer 2 and Layer 3 switching, the switch provides a wide array 
of multiprotocol routing, security and network management features. 

Features provided by the routing software suite include: 

■ IP version 4 routing 

■ IP version 4 multicasting 

■ IP RIP 

■ DNS Relay 

■ IP Filtering (not between switch ports) 

■ IP Packet Prioritisation (not between switch ports) 

■ ARP, Proxy ARP and Inverse ARP address resolution protocols. 

■ CLI, PAP and CHAP 

■ Virtual Router Redundancy Protocol (VRRP) 

■ Telnet client and server. 

■ A sophisticated and configurable event logging facility for monitoring and 
alarm notification to single or multiple management centres. 

■ Triggers for automatic and timed execution of commands in response to 
events. 

■ Scripting for automated configuration and centralised management of 
configurations. 

■ Dynamic Host Configuration Protocol (DHCP) for automatically assigning 
IP addresses and other configuration information to PCs and other hosts 
on TCP/IP networks. 

■ Support for the Simple Network Management Protocol (SNMP) version 1 
and version 2c, standard MIBs and the Allied Telesyn Enterprise MIB, 
enabling the switch to be managed by a separate SNMP management 
station. 

■ An HTTP client that allows files to be downloaded directly from a web 
server to the switch's FLASH memory, and an HTTP server that serves web 
pages from FLASH. 

For a complete description of the switch's routing software, see the AT-8700XL 
Series Software Reference. 
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Chapter 2 



Getting Started 



The AT-8700XL Series Switch is supplied with default settings which allow it to 
operate immediately as a switch, without any configuration. Even if this is all 
you want to use the switch for, you should still gain access to the switch 
configuration, if only to change the manager password to prevent unauthorised 
access. 

To take advantage of the full range of advanced Layer 2 switching features, the 
switch configuration must be changed. Layer 3 routing capabilities may also 
require detailed configuration. The switch has both a Command Line Interface 
(CLI) and a Graphical User Interface (GUI) for configuration and management. 
Before you can use the GUI, you will need to log in to the switch and use its 
CLI to allocate an IP address. 



Simple Switching 



If all you want the switch to do is switch traffic on your LAN, you need not 
perform any configuration. Simply power up the switch and connect devices to 
the switch ports. Switch learning is enabled by default, and all valid packets 
will be forwarded. 



Command Line Interface 



The first thing to do after physically installing the switch is to start a terminal 
session to access the switch. Then you can use the command line interface 
(CLI) to configure the switch. 

You can use a PC running terminal emulation software as the manager console 
instead of a terminal. Many terminal emulation applications are available for 
the PC, but the most readily available is the HyperTerminal application 
included in Microsoft® Windows™ 95, Windows™ 98, and Windows™ 2000. 
In a normal Windows™ installation HyperTerminal is located in the 
Accessories group. In Windows™ 2000, HyperTerminal is located in the Start > 
Programs > Accessories > Communications menu. 

The key to successfully using terminal emulation software with the switch is to 
configure the communications parameters in the terminal emulation software 
to match the default settings of the console port on the switch. For instructions 
on how to configure HyperTerminal, see the AT-8700XL Series Hardware 
Reference. 
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To start a terminal session, connect to the switch in one of the following ways: 

■ Connect a VT1 00-compatible terminal to the RS-232 Terminal Port, set the 
communications parameters on the terminal (Table 1 on page 10), and 
press [Enter] a few times until the switch's login prompt appears; OR 

■ Connect to the COM port of a PC running terminal emulation software 
such as Windows Terminal or HyperTerminal to the RS-232 Terminal Port, 
set the communications parameters on the terminal emulation software 
(Table 1 on page 10), and press [Enter] a few times until the switch's login 
prompt appears. 



Table 1: Parameters for terminal communication . 



Parameter 


Value 


Baud rate 


9600 


Data bits 8 


Parity 


None 


Stop bits 


1 


Flow control 


Hardware 



Logging In and Changing a Password 

If you access the switch from a terminal or PC connected to the front panel RS- 
232 terminal port (asynO), or via a Telnet connection, you must enter a login 
name and password to gain access to the command prompt. When the switch 
is supplied, it has a manager account with an initial password friend. Enter your 
login name at the login prompt: 

Enter your login name at the login prompt: 
login: manager 

Enter the password at the password prompt: 
password: friend 

This password should be changed to prevent unauthorised access to the 
switch, using the command: 

SET PASSWORD 

Make sure you remember the new password you create, as a lost password 
cannot be retrieved, and would mean losing access for configuring and 
monitoring the switch. 

Giving the Switch an IP Address 

Once you have logged into the manager account you will be able to enter 
commands from this document and from the AT-8700XL Series Software 
Reference. 

Enable IP, then add an IP interface over the default VLAN (vlanl) and assign it 
an IP address (e.g. 192.168.1.1), using the commands: 

ENABLE IP 

ADD IP INTERFACE^ vlanl IPADDRESS=192 . 168 . 1 . 1 

Once the switch is configured with an IP address, the command line interface 
can also be accessed by using Telnet to the switch from an IP host. 
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Entering Commands 

The switch is controlled with commands described in this document and in the 
AT-8700XL Series Software Reference. While the keywords in commands are not 
case sensitive, the values entered for some parameters are. The switch supports 
command line editing and recall (Table 2 on page 11). 



Table 2: Command line editing functions and keystrokes 



Function 

1 Ul IV.LIV/1 1 


VT1 00-romnatihlp Kpv^trokp 

V 1 1 UV/ LVI 1 IIJU LIUIC l\Cy Jll vIVC 


Move cursor within command line 




Delete character to left of cursor 


[Delete] or [Backspace] 


Toggle between insert/overstrike 


[Ctrl/0] 


Clear command line 


[Ctrl/U] 


Recall previous command 


T or [Ctrl/B] 


Recall next command 


i or [Ctrl/F] 


Display command history 


[Ctrl/C] or 




SHOW ASYN HISTORY 


Clear command history 


RESET ASYN HISTORY 


Recall matching command 


[Tab] or [Ctrl/1] 


The Graphical User Interface (GUI) 



The switch may be configured and managed over an available VLAN using the 
HTTP-based Graphical User Interface (GUI). The GUI may be accessed with 
Internet Explorer version 5 or greater or Netscape 6.2.2. A copy of Internet 
Explorer can be found on the switch's Documentation and Tools CD-ROM. 
JavaScript must be enabled. 



Use the menus and buttons on the GUI pages to navigate, not your browser's buttons, 
to ensure that the configuration settings are saved correctly. 



You can optionally browse to the GUI with a Secure Sockets Layer (SSL) 
connection. This means that sensitive data including passwords and email 
addresses can not be accessed by malicious parties. For details on configuring a 
SSL connection for the GUI, refer to the Secure Sockets Layer (SSL) chapter in the 
AT-8700XL Series Software Reference. 

Accessing the GUI 

You can use any VLAN on the switch to configure it via the GUI. You must first 
give that VLAN an IP address. In some situations, routing information must 
also be configured. For more information about IP configuration, see Chapter 4, 
Internet Protocol (IP). The following instructions show how to configure the 
switch through vlanl. 

To access the GUI: 

1. Access the switch's command line interface. 

See the switch's Quick Install Guide for more information. 
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2. Enable IP, using the command: 

ENABLE IP 

3. Assign the vlanl interface an IP address in the required subnet, using the 
command: 

SET IP INTERFACE^ vlanl T¥= ipaddress MASK=mask 

4. If the PC from which you will access the GUI is on a different subnet to the 
switch, add a route from the PC to the switch, using the command: 

ADD IP ROUTE= PC -ipaddress INTERFACE^ vlanl 
NEXTHOP=swi tch- ipaddress 

5. If you access the Internet through a proxy server, set your browser to bypass 
the proxy for vlanl 's IP address. 

6. Point your web browser at vlanl 's IP address. 

7. At the login prompt, enter the user name and password. 

User Name: manager 

Password: friend 

The home page is displayed. Select options to configure and manage the 
switch. 

To change the password, select Management > Users from the sidebar menu. 
Select the Manager account and click Modify. 

To access the GUFs context-sensitive help system, click on the Help button 
above the sidebar menu or on the page for which assistance is required. 

Enabling and Disabling the GUI 

The GUI is enabled by default. To enable or disable the GUI, use the following 
commands: 

ENABLE GUI 
DISABLE GUI 

When enabled, the GUI will only work if a valid resource file for the hardware 
model is present in FLASH memory, and if the HTTP server is enabled. 

Getting help 

To access the GUFs context-sensitive help system, click on the Help button in 
the sidebar menu. 
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Chapter 3 



Operating the Switch 



This chapter introduces general operation, management and support features, 
including user authentication, loading and installing support files, and SNMP 
MIBs. For more information see Chapter 1, Operation in the AT-8700XL Series 
Software Reference. 



User Privileges 



The command processor supports three levels of privilege, USER, MANAGER, 
and SECURITY OFFICER, distinguished by the prompt displayed by the 
command processor when it is ready to receive commands. A USER level 
prompt looks like: 

> 

while a MANAGER prompt looks like: 

Manager > 

and a SECURITY OFFICER prompt looks like: 

SecOff > 

See Chapter 1, Operation in the AT-8700XL Series Software Reference for more 
information about creating new accounts with user, manager and security 
officer privileges. 



File Subsystem 



FLASH memory is structured like a file subsystem. Files can be saved, 
renamed, listed and deleted. Release files, online help files, configuration 
scripts and other scripts are all stored as files in FLASH memory. 

File names of up to 16 characters long, with extensions of 3 characters (DOS 
16.3 format), are supported on the switch. However, files on the switch are 
stored in FLASH and NVS using the DOS 8.3 format of 8 characters long, with 
extensions of 3 characters. For example, the file extralongf ilenam. cf g may 
be saved as extral~l . cf g in the FLASH File System. Therefore, files can be 
accessed via two file names, either of which can be used for file management. 

A translation table, named longname . if n, converts file names between DOS 
16.3 format and DOS 8.3 format. To reconcile file names the switch consults the 
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translation table which is synchronised with file contents in memory. For more 
information about working with files see the Working With Files section, 
Operation chapter, AT-8700XL Series Software Reference. 

To display the files in FLASH, use the command: 

SHOW FILE 

The switch automatically compacts FLASH memory when a maximum 
threshold of deleted files is reached. Compaction frees space for new files by 
discarding garbage. A message will appear when FLASH compaction has been 
activated. Another message appears when FLASH compaction is complete. 



While FLASH is compacting, do not restart the switch or use any commands 
that affect the FLASH file subsystem. Do not restart the switch, or create, edit, 
load, rename or delete any files until a message confirms that FLASH file 
compaction is completed. Interrupting flash compaction may result in damage 
to files. 



Online CLI Help 

Online help is available for all switch commands in the CLI. Typing a question 
mark "?" at the end of a partially completed command displays a list of the 
parameters that may follow the current command line, with the minimum 
abbreviations in uppercase letters. The current command line is then re- 
displayed, ready for further input. 

An online help facility provides more detailed help information via the 
command: 

HELP [topic] 

If a topic is not specified, a list of available topics is displayed. The HELP 
command displays information from the system help file stored in FLASH 
memory. The help file used by the HELP command must be defined using the 
command: 

SET H.ELP=helpfile 

The current help file and other system information can be displayed with the 
command: 

SHOW SYSTEM 
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At boot the switch executes the commands in the boot script to configure the 
switch. A boot script is a sequence of standard commands that the switch 
executes at start-up. The default boot script is called boot . cf g, but an 
alternative script file can be defined as the boot script using the command: 

SET CONFIG= filename 

A configuration file is a script made up of the same commands as are used in 
the CLI. It can be edited manually using the switch's built in editor, or 
uploaded to a PC and edited using any text editor using the UPLOAD 
command (Chapter 1, Operation in the AT-8700XL Series Software Reference). 

Saving Configuration Entered with the GUI 

Configuration changes applied using the GUI can be saved to a configuration 
script by clicking the Save button on any GUI page that has one. A pop-up Save 
window gives the option of saving to the boot configuration file, the current 
configuration file, another existing file or a new file. 

Saving Configuration Entered with the CLI 

Subsequent commands entered from the command line or executed from a 
script affect only the dynamic configuration in memory, which is not retained 
over a power cycle. Changes are not automatically stored in nonvolatile 
memory. When the switch is restarted the configuration will be restored to that 
defined by the boot script, or if the switch was restarted using the RESTART 
command, any script specified in the RESTART command. 

To retain any configuration changes made after boot across a restart or power 
cycle, save the modified configuration as a script file, using the command: 

CREATE CONFIG= filename 



The configuration file created by the GUI or the CREATE CONFIG command records 
passwords in encrypted form, not in cleartext. 



Install Information 



When you first start the switch, it automatically loads the software release from 
FLASH memory into RAM, where the CPU uses it to run all the switch's 
software features. The switch may also load a patch file to improve the main 
release. The software release and any patch files are current when the switch is 
produced at the factory. 

When Allied Telesyn makes a new patch or release available, you may want to 
upgrade the software on your switch to use a new patch or release file. You can 
download the latest software patches, full software releases, and CLI help files 
from the support site at: http://www.alliedtelesyn.co.nz/support/at8700xl . 

The INSTALL module is responsible for maintaining install information and 
loading the correct install at boot. A release is a binary file containing the code 



executed by the switches CPU. There may also be a patch file, and additional 
binary file that modifies the original release file. An install is a record 
identifying a release and an optional patch. Three installs are maintained by 
the INSTALL module, temporary, preferred and default. 

The default install is the install of last resort. The release for the default install 
can not be changed by the manager and is always the EPROM release. The 
patch for the default install may be set by the manager. 

The temporary and preferred installs are completely configurable. Both the 
release and an associated patch may be set. The release may be EPROM or a 
release stored in FLASH. 

The three different installs are required to handle the following situations: 

■ A default install is required to handle the case when only the EPROM 
release is present. 

■ A temporary install is required to allow a release and/ or patch to be 
loaded once only, in case it causes a switch crash. 

■ A preferred install is required because the default install can not be 
anything other than the EPROM. 

The install information is inspected in a strict order. The temporary install is 
inspected first. If this install information is present, the temporary install is 
loaded. At the same time, the temporary install information is deleted. This 
ensures that if the switch reboots immediately as the result of a fatal condition 
caused by the temporary install, the temporary install will not be loaded a 
second time. 

If there is no temporary install defined, or the install information is invalid, the 
preferred install is inspected. If present, this install is loaded. The preferred 
install information is never deleted. 

If neither temporary nor preferred installs are present, the default install is 
used. The default install will always be present in the switch, because if, for 
some reason, it is not, the INSTALL module will restore it. 



The preferred install should not be set up with an untested release or patch. It 
is advisable to install new releases or patches as the temporary install, and 
when the switch boots correctly, to then set up the preferred install with the 
new release or patch. 



To change the install information in the switch, use the command: 

SET INSTALL^ { TEMPORARY | PREFERRED | DEFAULT } 

[RELEASE^ { release-name | EPROM} ] [ PATCH [ =pa t ch -name ] ] 

The INSTALL parameter specifies which install is to be set. The INSTALL 
module is responsible for maintaining install information and loading the 
correct install at boot. An install is a record identifying a release and an optional 
patch. Three installs are maintained by the INSTALL module, temporary, 
preferred and default. 

The default install is the install of last resort. The release for the default install 
can not be changed by the manager and is always the EPROM release. The 
patch for the default install may be set by the manager. 



The temporary and preferred installs are completely configurable. Both the 
release and an associated patch may be set. The release may be EPROM or a 
release stored in FFS. 

The RELEASE parameter specifies the release file for this install. The release 
file is either a file name of the form device : filename . ext for files in the file 
subsystem, or EPROM, to indicate the EPROM release. The default value for 
the device field is FLASH. 

The PATCH parameter specifies the patch file for this install, and is a file name 
of the form device : filename . ext. The patch file is stored in FLASH. The 
default value for the device field is flash. If the patch name is not given, the 
patch file information for a given install is removed and only the release file 
will be loaded for the install. 

A patch file can not be set up for an install unless a release file is already set up, 
or a release file is specified in the same command. This stops the inadvertent 
setting of an install to be just a patch file. When the switch reboots in such a 
case the particular install is ignored, which may have undesirable effects on the 
switch operation. 



For security reasons this command will only be accepted if the user has SECURITY 
OFFICER privilege. 



To delete a particular install (except the default install) use the command: 

DELETE INSTALL 

To display the current install information, including which install is currently 
running in the switch, and how the install information was checked at the last 
reboot, use the command: 

SHOW INSTALL 



Loading Releases and Patches into the 
Switch 

The LOADER module is responsible for loading and storing releases, patches 
and other files into FLASH. The LOADER module uses the Trivial File Transfer 
Protocol (TFTP), Hypertext Transfer Protocol (HTTP) or ZMODEM over an 
asynchronous port, to retrieve files from a network host. The FFS module is 
used to create, write and destroy release and patch files. 

The loader can be configured with the command: 

SET LOADER [ DELAY = del ay | DEFAULT ] 

[ DESTINATION^ { FLASH | DEFAULT } ] [ FILE= f ±1 ename] 
[ HTTPPROXY= { hos tname \ ipadd | DEFAULT } ] 
[METHOD= {HTTP | TFTP | WEB | WWW j ZMODEM | NONE | DEFAULT} ] 
[ASYN=port | DEFAULT] [PR0XYP0RT=1 . . 65535 | DEFAULT] 
[ SERVER^ { hos tname \ ipadd | DEFAULT } ] 

This command sets default values for the name of the file to load, the network 
host to load it from, and the memory location in which to store the file. These 
default values can be overridden when the load actually takes place. A time 
delay between initiating a load and the start of the load can also be configured. 
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The DELAY parameter specifies the delay, in seconds, between initiating the 
file download and the download actually starting. This feature is provided to 
allow reconfiguration of ports and devices after initiating the download. For 
example, a manager may be at a remote site with a single PC which is to act as 
both the access device to the switch and the TFTP server. By specifying a delay, 
the manager has time to reconfigure the PC from terminal emulation mode to 
TFTP server mode before the download starts. The DELAY parameter is 
optional. If DEFAULT is specified, this parameter is set to the factory default, 
which is no delay. 

The DESTINATION parameter specifies where the file will be stored. If FLASH 
is specified, the file is stored in the FLASH File System (FFS) on the switch. If 
DEFAULT is specified, this parameter is set to the factory default, FLASH. 

The FILE parameter specifies the name of the file, in the syntax of the server 
from which the file will be downloaded. The FILE parameter is a full path 
name rather than just a file name. The only restriction is that the last part of the 
parameter must be a valid file name for the LOADER module. When 
METHOD is set to TFTP, HTTP, ZMODEM or NONE, valid file names are of 
the form filename . ext where filename is one to sixteen characters in length 
and ext is three characters in length. The following are examples of valid file 
names for methods TFTP, ZMODEM or NONE: 

\user\public\f ilename . ext ; UNIX or DOS server 
[network. cfg] filename . ext ; DEC VAX server 

Note that, starting at the end of the file name and working backwards, the first 
character not valid in file names delimits a valid file name for the switch. If the 
slash at the beginning of the path is omitted in this command, the LOAD 
command adds it. The following are examples of valid file names for method 
HTTP: 

/path/ filename . ext 

path/ filename . ext 

The HTTPPROXY parameter specifies the proxy server used to handle HTTP 
requests. Either the IP address or the fully qualified domain name of the proxy 
server may be specified. If a domain name is specified, the switch will perform 
a DNS lookup to resolve the name. If DEFAULT is specified, this parameter is 
set to the factory default, which has no value set for HTTPPROXY, clearing any 
value previously set as default. 

The METHOD parameter specifies the method to use when downloading the 
file. If HTTP is specified, HTTP is used to download the file. The options WEB 
and WWW are synonyms for HTTP. If TFTP is specified, TFTP is used to 
download the file. If ZMODEM is specified, the ZMODEM protocol is used to 
download the file. If ZMODEM is specified, the PORT parameter must be 
specified, unless it has been set with the SET LOADER command. If NONE is 
specified, only text files can be downloaded and all input received via the port 
will be directed to the specified file on the switch's file subsystem. The file 
transfer is terminated by the first control character received that is not a CR or 
LF character. The FILE parameter is not valid when METHOD is set to 
ZMODEM. The PORT parameter is not valid when METHOD is set to HTTP, 
WEB, WWW, TFTP or NONE. If DEFAULT is specified, this parameter is set to 
the factory default, which is TFTP. 

The ASYN parameter specifies the asynchronous port via which the file will be 
downloaded, when the METHOD parameter is set to ZMODEM or NONE. If 
METHOD is set to ZMODEM or NONE, the PORT parameter is required 
unless it has been set with the SET LOADER command. If DEFAULT is 
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specified, this parameter is set to the factory default, which is no PORT set, 
clearing any value previously set as default. 

The PROXYPORT parameter specifies the port on a proxy server. The 
PROXYPORT parameter is only valid if METHOD is HTTP and HTTPPROXY 
is specified. If DEFAULT is specified, this parameter is set to the factory 
default, which is 80. 

The SERVER parameter specifies the IP address or the host name (a fully 
qualified domain name) of the TFTP server or HTTP server from which the file 
is loaded. If a host name is specified, a DNS lookup is used to translate this to 
an IP address. The SET IP NAMESERVER command can be used to define 
name servers. The PING command can be used to verify that the switch can 
communicate with the server via IP. The SERVER parameter is not used when 
METHOD is set to ZMODEM or NONE. The following are examples of valid 
server names when METHOD is set to HTTP: 

host . company . com 

192.168.3.4 

If DEFAULT is specified, this parameter is set to the factory default, which has 
no value set for SERVER, clearing any value previously set as default. 

Loading a release file into the switch 

upgrade the software release on the switch 

Check the release files on the switch. 

In the switch's command line, enter the command: 

SHOW FFILE 

This command lists the files which are present on the router, and the 
amount of free memory. Identify the existing release files, which will have 
an extension of . rez. 

Load the new release file. 

For example, to load the file from a TFTP server, enter the command: 

LOAD F1~LE= filename . rez SERVER= tftp-ip 

where filename, rez is the name of the new release file, and tftp-ip is the IP 
address of the TFTP server. If you are running AT-TFTP Server 1.8 on your 
PC, the IP address is the IP address of the PC. 

Enable the new release. 

For a free minor release upgrade (for example 87-251. rez to 87-252. rez), 
enter the command: 

ENABLE RELEASE^ filename, rez NUMBER=nizi7Lber 

where number is the new software release number, for example 2.5.2. 

For a major release upgrade, enter the command: 

ENABLE RELE AS E= filename. rez NUMBER= number 
PAS SWORD =pas sword 

where password is the password supplied by your authorised distributor or 
reseller, and is specific to a particular release and switch serial number. 



3 
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4. Set the switch to boot up with the new release file. 

Enter the command: 

SET INSTALL^ PREFERRED RELEASE= filename . rez 

where filename, rez is the name of the new release file. 

5. Reboot the switch. 

Enter the command: 

RESTART REBOOT 

If you are using the GUI, you will lose your browser's connection to the 
switch. Wait for the router to reboot, or browse to the switch's IP address. 

6. Check the release. 

Check that the new software release runs as expected. To confirm that the 
switch is running the new release, enter the command: 

SHOW INSTALL 

The Current install section in the output from this command should show 
the new software release as the preferred release. 



Example: Install Software Upgrade for AT-8700XL 
Switch 

This example downloads a compressed release from the AT-8700XL Support 
site to the switch's FLASH memory using TFTP. 

3^ To install a compressed release: 

M 1. Download the release files to the switch. 

^ Load the file from your TFTP server to the switch, using the command: 

LOAD FILE=87-251 .rez SERVER=tf tp- ip 



where tftp-ip is the IP address of your TFTP server. If you are running 
AT-TFTP server on a PC, this is the PC's IP address. 
If you do not have a TFTP server, AT-TFTP Server 1.8 is available on 
the Documentation and Tools CD. 

The process of downloading a release file can take some time, even if the 
switch and the TFTP server are connected by high speed links. An 
indicative time for downloading a release over Ethernet is 5 to 10 minutes. 
The progress of the download can be monitored with the command: 

SHOW LOAD 

When the download has completed, the presence of the files in FLASH can 
be displayed with the command: 

SHOW FILE 

This shows the file 87-251. rez is present. 
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2. Enable the new release. 

The release can now be enabled, using the command: 

ENABLE RELEASE=87-251 . REZ NUMBER=2 .5.1 



3. Make the release the default (permanent) release. 

Set the switch to boot up using the new release, and then restart it. 

SET INSTALL^ PREFERRED RELEASE=87 -2 51 . REZ 

Every time the switch reboots from now on, the new release will be loaded 
from FLASH. 

Other load methods are described in the Operations chapter in the AT-8700XL 
Series Software Reference. 



Upgrading and Storing GUI Resource Files 

You can store two GUI resource files in the switch's memory, and set the GUI 
resource file that you want to use. To load a GUI resource file, use the 
command: 

LOAD F I LE= filename. rsc SERVER=server 
where: 

■ filename is the name of the GUI resource file 

■ server is the server used to load the file. 

To set a GUI resource file as the preferred resource file, use the command: 

SET INSTALL=pref erred GUI=fi lename . rsc 

where: 

■ filename is the name of the GUI resource file 

The GUI resource file name must conform to the convention tppplw . rsc, for 
example, r_4l0e05 . rsc, where: 

• t = GUI type 

• ppp = product code 

• 1= language code 

• w = version number 

• . rsc = resource file extension 

The resource file must exist in FLASH, possess a valid checksum, be 
compatible with the product model it is being loaded onto, and be compatible 
with the current software release. By specifying a null string for filename, i.e 
"SET INSTALL=preferred GUI=", no resource file will be used, and therefore 
the GUI will be unavailable. The GUI is also unavailable if the command "SET 
INSTALL=preferred GUI=none" is entered. 
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If the selected GUI resource file fails to pass the validation checks when it is 
loaded, the given install will not fail. Instead, the release and patch files are 
loaded, but the GUI resource file is not loaded. The success or failure of this 
validation is recorded in the " install history" section of the SHOW 
COMMAND. 



Changing the resource file will cause an implicit RESET GUI to be performed. The 
switch will reinitialise and reconstruct its index of pointers into the resource file so that 
the new GUI resource file is accessed correctly. 



To delete a GUI resource file from the switch, you must first ensure that it is not 
the preferred release file. Use the command: 

SET INSTALL=pref erred GUI=none 

When the GUI resource file that you want to delete is no longer set as the 
preferred GUI, you can delete the .rsc file using the command: 

DELETE FILE= filename, rsc 



SNMPand MIBs 



The switch's implementation of SNMP is based on RFC 1157 "A Simple Network 
Management Protocol (SNMP)" , and RFC 1812, "Requirements for IP Version 4 
Routers". The switch supports SNMP version 1 (SNMPvl) and SNMP version 
2c (SNMPv2c). The SNMP agent is disabled by default. To enable SNMP, use 
the command: 

ENABLE SNMP 

SNMP communities are the main configuration item in the switch's SNMP 
agent, and are defined in terms of a list of IP addresses which define the SNMP 
application entities (trap hosts and management stations) in the community. 
An SNMP community is created using the command: 

CREATE SNMP COMMUNITY=naJ7ie [ACCESS= {READ | WRITE } ] 
[TRAPHOST= ipadd] [MANAGER^ ipadd] 

[OPEN={ON | OFF | YES | NO | TRUE | FALSE} ] [VlTRAPHOST= ipadd] 
[ V2 CTRAPHOST= ipadd ] 

Authentication failure traps and link state traps can be enabled using the 
commands: 

ENABLE SNMP AUTHENTICATE_TRAP 
ENABLE INTERFACE=interface LINKTRAP 

where interface is the name of an interface, such as vlanll. 
The command: 

SHOW SNMP 

displays the current state and configuration of the SNMP agent. 

The following MIBs are supported: 

■ MIB II (RFC 1213) 

■ Ethernet MIB (RFC 1643) 

■ Trap MIB (RFC 1215) 
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■ RMON Groups 1, 2, 3, and 9 (RFC 1757) 

■ AR Router portion of the ATI/ATKK Enterprise MIB 

■ Portions of the Extended Interface MIB (RFC 1573) 

For details on SNMP, refer to the SNMP chapter in the AT-8700XL Series 
Software Reference. 
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Chapter 4 



Layer 2 Switching 



This section outlines the Layer 2 switching features on the switch, and how to 
configure some of them. For more detail, refer to the Switching chapter in the 
AT-8700XL Series Switch Software Reference. 



Switch Ports 



Each switch port is uniquely identified by a port number. The switch supports 
a number of features at the physical level that allow it to be connected in a 
variety of physical networks. This physical layer (layer 1) versatility includes: 

■ Enabling and disabling of ports. 

■ Auto negotiation of port speed and duplex mode for all 10/100 BASE 
ports. 

■ Manual setting of port speed and duplex mode for all 10/100 BASE ports. 

■ Link up and link down triggers. 

■ Port trunking. 

■ Packet storm protection. 

■ Port mirroring. 

■ Support for SNMP management 

Enabling and Disabling Switch Ports 

An switch port that is enabled is available for packet reception and 
transmission. Its administrative status in the Interfaces MIB is UP. Disabling a 
switch port does not affect the STP operation on the port. Enabling a switch 
port will allow the port to participate in spanning tree negotiation. A switch 
port that has been disabled by the Port Security feature cannot be enabled 
using the ENABLE SWITCH PORT command. 

To enable or disable a switch port, use the commands: 

ENABLE SWITCH PORT= {port-list | ALL} 
DISABLE SWITCH PORT= {port-list | ALL} 

Resetting ports at the hardware level discards all frames queued for reception 
or transmission on the port, and restarts autonegotiation of port speed and 
duplex mode. Ports are reset using the command: 

RESET SWITCH PORT= {port-list | ALL} [COUNTER] 
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To display information about switch ports, use the command: 

SHOW SWITCH PORT [ = {port-list | ALL} ] 

Autonegotiation of Port Speed and Duplex Mode 

Each of the switch ports can operate at either 10 Mbps or 100 Mbps, in either 
full duplex or half duplex mode. In full duplex mode a port can transmit and 
receive data simultaneously, while in half duplex mode the port can either 
transmit or receive, but not at the same time. This versatility makes it possible 
to connect devices with different speeds and duplex modes to different ports 
on the switch. Such versatility also requires that each port on the switch know 
which speed and mode to use. 

Port Trunking 

Port trunking, also known as port bundling or link aggregation, allows a 
number of ports to be configured to join together to make a single logical 
connection of higher bandwidth. This can be used where a higher performance 
link is required, and makes links even more reliable. 

Packet Storm Protection 

The packet storm protection feature allows you to set limits on the reception 
rate of broadcast, multicast and destination lookup failure packets. The 
software allows separate limits to be set for each port, beyond which each of 
the different packet types are discarded. The software also allows separate 
limits to be set for each of the packet types. Which of these options can be 
implemented depends on the model of switch hardware. 

Port Mirroring 

Port mirroring allows traffic being received and transmitted on a switch port to 
be sent to another switch port, the mirror port, usually for the purposes of 
capturing the data with a protocol analyser. This mirror port is the only switch 
port which belongs to no VLANs, and therefore does not participate in any 
other switching. Before the mirror port can be set, it must be removed from all 
VLANs except the default VLAN. The port cannot be part of a trunk group. 

Port Security 

The port security feature allows control over the stations connected to each 
switch port, by MAC address. If enabled on a port, the switch will learn MAC 
addresses up to a user-defined limit from 1 to 256, then lock out all other MAC 
addresses. One of the following options can be specified for the action taken 
when an unknown MAC address is detected on a locked port: 

■ Discard the packet and take no further action, 

■ Discard the packet and notify management with an SNMP trap, 

■ Discard the packet, notify management with an SNMP trap and disable the 
port. 
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A Virtual LAN (VLAN) is a logical, software-defined subnetwork. It allows 
similar devices on the network to be grouped together into one broadcast 
domain, irrespective of their physical position in the network. Multiple VLANs 
can be used to group workstations, servers, and other network equipment 
connected to the switch, according to similar data and security requirements. 

Decoupling logical broadcast domains from the physical wiring topology 
offers several advantages, including the ability to: 

■ Move devices and people with minimal, or no, reconfiguration 

■ Change a device's broadcast domain and access to resources without 
physically moving the device, by software reconfiguration or by moving its 
cable from one switch port to another 

■ Isolate parts of the network from other parts, by placing them in different 
VLANs 

■ Share servers and other network resources without losing data isolation or 
security 

■ Direct broadcast traffic to only those devices which need to receive it, to 
reduce traffic across the network 

■ Connect 802.1Q-compatible switches together through one port on each 
switch 

Devices that are members of the same VLAN only exchange data with each 
other through the switch's switching capabilities. To exchange data between 
devices in separate VLANs, the switch's routing capabilities are used. The 
switch passes VLAN status information, indicating whether a VLAN is up or 
down, to the Internet Protocol (IP) module. IP uses this information to 
determine route availability. 

The switch has a maximum of 255 VLANs, ranging from a VLAN identifier 
(VID) of 1 to 255. When the switch is first powered up, a "default" VLAN is 
created and all ports are added to it. In this initial unconfigured state, the 
switch will broadcast all the packets it receives to the default VLAN. This 
VLAN has a VID of 1 and an interface name of vlanl. It cannot be deleted, and 
ports can only be removed from it if they also belong to at least one other 
VLAN. The default VLAN cannot be added to any STP, but always belongs to 
the default STP. If all the devices on the physical LAN are to belong to the same 
logical LAN, that is, the same broadcast domain, then the default settings will 
be acceptable, and no additional VLAN configuration is required. 

Creating VLANs 

To briefly summarise the process of creating a VLAN: 

1. Create the VLAN. 

2. Add tagged ports to the VLAN, if required. 

3. Add untagged ports to the VLAN, if required. 

To create a VLAN, use the command: 

CREATE VLAN=vlan-name VID=2..255 

Every port must belong to a VLAN, unless it is the mirror port. By default, all 
ports belong to the default VLAN as untagged ports. 



To add tagged ports to a VLAN, use the command: 

ADD VL,AN={vlan-name\ 1 . .255} PORT= {port-list | ALL} FRAME = TAGGED 

A port can be tagged for any number of VLANs. 

To add untagged ports to a VLAN, use the command: 

ADD VLAN={vlan-name\ 1 . .255} PORT= {port-list | ALL} 
[ FRAME ^UNTAGGED ] 

A port can be untagged for zero or one VLAN. A port can only be added to the 
default VLAN as an untagged port if it is not untagged for another VLAN. A 
port cannot transmit both tagged and untagged frames for the same VLAN 
(that is, it cannot be added to a VLAN as both a tagged and an untagged port). 

To remove ports from a VLAN, use the command: 

DELETE VLAN={ vlan-name\ 1 . .255} PORT= {port-list | ALL} 

Removing an untagged port from a VLAN will return it to the default VLAN, 
unless it is a tagged port for another static VLAN. An untagged port can only 
be deleted from the default VLAN if the port is a tagged port for another static 
VLAN. 



Ports tagged for some VLANs and left in the default VLAN as untagged ports will 
transmit broadcast traffic for the default VLAN. If this is not required, the unnecessary 
traffic in the switch can be reduced by deleting those ports from the default VLAN. 



To change the tagging status of a port in a VLAN, use the command: 

SET VL,AN={vlan-name\ 1 . .255} PORT= {port-list | ALL} FRAME= TAGGED 

To destroy a VLAN, use the command: 

DESTROY VLAN= { vl an -name | 2 . . 2 5 5 | ALL } 

VLANs can only be destroyed if no ports belong to them. 

To display the VLANs configured on the switch, use the command: 

SHOW VLAN[={ vlan-name\ 1 . .255 | ALL} ] 

Information which may be useful for trouble-shooting a network can be 
displayed with the VLAN debugging mode. This is disabled by default, and 
can be enabled for a specified time, disabled, and displayed using the 
commands: 

ENABLE VLAN= { vl an -name | 1 . . 2 5 5 | ALL } DEBUG= { PKT | ALL } 
[ 0UTPUT=C0NS0LE ] [ TIMEOUT= {1..4000000000| NONE } ] 

DI SABLE VLAN= { vl an -name | 1 . . 2 5 5 | ALL } DEBUG= { PKT | ALL } 

SHOW VLAN DEBUG 

To view packet reception and transmission counters for a VLAN, use the 
command (see the Interfaces chapter of the switch's Software Reference): 

SHOW INTERFACE=VLANn COUNTER 
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Summary of VLAN tagging rules 

When designing a VLAN and adding ports to VLANs, the following rules 
apply. 

1. Each port, except for the mirror port, must belong to at least one static 
VLAN. By default, a port is an untagged member of the default VLAN. 

2. A port can be untagged for zero or one VLAN. A port that is untagged for 
a VLAN transmits frames destined for that VLAN without a VLAN tag in 
the Ethernet frame. 

3. A port can be tagged for zero or more VLANs. A port that is tagged for a 
VLAN transmits frames destined for that VLAN with a VLAN tag, 
including the numerical VLAN Identifier of the VLAN. 

4. A port cannot be untagged and tagged for the same VLAN. 

5. The mirror port, if there is one, is not a member of any VLAN. 

Protected VLANs 

If a VLAN is Protected, Layer 2 traffic between ports that are members of a 
Protected VLAN is blocked. Traffic can be Layer 3 switched to another VLAN. 
This feature prevents members of a Protected VLAN from communicating with 
each other yet still allows members to access another network. Layer 3 Routing 
between Ports in a Protected VLAN can be prevented by adding a Layer 3 
filter. The Protected VLAN feature also allows all of the members of the 
Protected VLAN to be in the same subnet. 

A typical application is a hotel installation where each room has a port that can 
be used to access the Internet. In this situation it is undesirable to allow 
communication between rooms. 

To create a Protected VLAN, use the command: 

CREATE VLAN=vlan-name VID=2..255 [PROTECTED] 



VLAN Interaction with STPs and Trunk Groups 

Each VLAN and port can only belong to one Spanning Tree entity (STP). A port 
cannot be added to a VLAN that is in a different STP from the VLANs to which 
the port already belongs, with one exception. The exception is that an untagged 
port in the default VLAN can be moved from the default VLAN to any other 
VLAN in any STP, if the port belongs only to the default VLAN as an untagged 
port. 

All the ports in a trunk group must have the same VLAN configuration: they 
must belong to the same VLANs and have the same tagging status, and can 
only be operated on as a group. 
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Generic VLAN Registration Protocol 
(GVRP) 



The GARP application GVRP allows routers in a network to dynamically share 
VLAN membership information, to reduce the need for statically configuring 
all VLAN membership changes on all switches in a network. See the Generic 
Attribute Registration Protocol (GARP) chapter in the AT-8700XL Series Switch 
Software Reference. 



Quality of Service 

Quality of Service (QoS) enables you to prioritise traffic and/ or limit the 
bandwidth available to it. The concept of QoS is a departure from the original 
networking protocols, which treated all traffic on the Internet or within a LAN 
the same. Without QoS, every different traffic type is equally likely to be 
dropped if a link becomes oversubscribed. This approach is now inadequate in 
many networks, because traffic levels have increased and networks transport 
time-critical applications such as streams of video data. QoS also enables 
service providers to easily supply different customers with different amounts 
of bandwidth. 

Configuring Quality of Service involves two separate stages: 

1. Classifying traffic into flows, according to a wide range of criteria. 

Classification is performed by the switch's packet classifier and is not 
described in this chapter, but in the Classifier chapter in the AT-8700XL Series 
Switch Software Reference. 

2. Acting on these traffic flows. 

Approaches, methods and commands for this are described in the Quality of 
Service chapter in the AT-8700XL Series Switch Software Reference. 



Spanning Tree Protocol (STP) 

The Spanning Tree Protocol (STP) makes it possible to automatically disable 
redundant paths in a network to avoid loops, and enable them when a fault in 
the network means they are needed to keep traffic flowing. A sequence of 
LANs and switches may be connected together in an arbitrary physical 
topology resulting in more than one path between any two switches. If a loop 
exists, frames transmitted onto the extended LAN would circulate around the 
loop indefinitely, decreasing the performance of the extended LAN. On the 
other hand, multiple paths through the extended LAN provide the opportunity 
for redundancy and backup in the event of a bridge experiencing a fatal error 
condition. 



Software Release 2.5.1 
C61 3-02030-00 REV A 



Layer 2 Switching 



31 



The spanning tree algorithm ensures that the extended LAN contains no loops 
and that all LANs are connected by: 

■ Detecting the presence of loops and automatically computing a logical 
loop-free portion of the topology, called a spanning tree. The topology is 
dynamically pruned to a spanning tree by declaring the ports on a switch 
redundant, and placing the ports into a 'Blocking' state. 

■ Automatically recovering from a switch failure that would partition the 
extended LAN by reconfiguring the spanning tree to use redundant paths, 
if available. 



Spanning Tree and Rapid Spanning Tree Port States 

If STP is running in STANDARD mode, then each port can be in one of five 
Spanning Tree states, and one of two switch states. If STP is running in RAPID 
mode, then each port can be in one of four states. The state of a switch port is 
taken into account by STP. To be involved in STP negotiations, STP must be 
enabled on the switch, the port must be enabled on the switch, and enabled for 
the STP it belongs to. 



Interfaces to Layer 3 Protocols 

Interfaces can be configured to VLANs for IP routing protocols in the same 
way that other interfaces are created for other interface types. Concatenate 
VLAN with the VID of the VLAN giving VLANn, for instance: 

INTERFACE =VLAN3 



IGMP Snooping 

IGMP (Internet Group Management Protocol) is used by IP hosts to report their 
multicast group memberships to routers and switches. IP hosts join a multicast 
group to receive broadcast messages directed to the multicast group address. 
IGMP is an IP-based protocol and uses IP addresses to identify both the 
multicast groups and the host members. For a VLAN-aware devices, this 
means multicast group membership is on a per- VLAN basis. If at least one port 
in the VLAN is a member of a multicast group, by default multicast packets 
will be flooded onto all ports in the VLAN. 

IGMP snooping enables the switch to forward multicast traffic intelligently on 
the switch. The switch listens to IGMP membership reports, queries and leave 
messages to identify the switch ports that are members of multicast groups. 
Multicast traffic will only be forwarded to ports identified as members of the 
specific multicast group. 

IGMP snooping is performed at Layer 2 on VLAN interfaces automatically. By 
default, the switch will only forward traffic out those ports with multicast 
listeners, therefore it will not act as a simple hub and flood all multicast traffic 
out all ports. IGMP snooping is independent of the IGMP and Layer 3 
configuration, so an IP interface does not have to be attached to the VLAN, and 
IGMP does not have to be enabled or configured. 

IGMP snooping is enabled by default. To disable it, use the command: 

DISABLE IGMPSNOOPING 
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Triggers 

The Trigger Facility can be used to automatically run specified command 
scripts when particular triggers are activated. When a trigger is activated by an 
event, global parameters and parameters specific to the event are passed to the 
script that is run. For a full description of the Trigger Facility, see the Trigger 
Facility chapter in the AT-8700XL Series Software Reference. 

The switch can generate triggers to activate scripts when a fibre uplink port 
loses or gains coherent light. To create or modify a switch trigger, use the 
commands: 

CREATE TRIGGER^ trigger-id MODULE=SWITCH 

EVENT= { LIGHTOFF | LIGHTON} PORT=port [ AFTER=hh :mm] 
[BEFORE=hh; mm] [DATE=dafce | DAYS = day-list] [ NAME = .name] 
[REPEAT^ {YES | NO | ONCE | FOREVER | count) ] [SCRIPT= filename . . . ] 
[STATE= {ENABLED | DISABLED} ] [TEST= {YES | NO | ON | OFF} ] 

SET TRIGGER^ trigger-id PORTS= {port-list | ALL} [ AFTER=hh :mm] 
[BEFORE=hh :mm] [DATE=dafce | DAYS = day-list] [ NAME = name] 
[REPEAT^ {YES | NO | ONCE | FOREVER | count] ] 
[TEST= {YES | NO | ON | OFF} ] 

The following sections list the events that may be specified for the EVENT 
parameter, the parameters that may be specified as module-specific-parameters, 
and the arguments passed to the script activated by the trigger. 



Event LINKDOWN 

Description The port link specified by the PORT parameter has just gone down. 

Parameters The following command parameter(s) must be specified in the CREATE/SET 
TRIGGER commands: 



Parameter 



Description 



PORJ=port 



The port on which the event will activate the trigger. 



Script Parameters The trigger passes the following parameter(s) to the script: 



Argument 



Description 



%1 



The port number of the port which has just gone down. 



Event LINKUP 

Description The port link specified by the PORT parameter has just come up. 

Parameters The following command parameter(s) must be specified in the CREATE/SET 
TRIGGER commands: 



Parameter 



Description 



PORJ=port 



The port on which the event will activate the trigger. 



Script Parameters The trigger passes the following parameter(s) to the script: 



Argument 



Description 



%1 



The port number of the port which has just come up. 
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Maintenance and Troubleshooting 



This Chapter 



If you are familiar with networking and switch operations, you may be able to 
diagnose and solve some problems yourself. 

This chapter gives tips on how to: 

■ start your switch (see "How the Switch Starts Up" on page 33). 

■ avoid problems (see "How to Avoid Problems" on page 35). 

■ reconfigure your switch if you accidentally clear the FLASH memory (see 
"What to do if you clear FLASH memory completely" on page 36). 

■ reset passwords if they are lost (see "What to do if Passwords are Lost" on 
page 37). 

■ gather information from your switch that support personnel need to 
provide accurate support tailored to your situation (see "Getting the Most 
Out of Technical Support" on page 37). 

■ troubleshoot problems with DHCP IP addresses if the switch is acting as a 
client or as a server (see "Troubleshooting DHCP IP Addresses" on page 38) 

■ restart the switch at any time with no configuration (see "Resetting Switch 
Defaults" on page 39). 

Information gained from the LEDs on the front panel of the switch is described 
in the AT-8700XL Series Hardware Reference. 



How the Switch Starts Up 

The sequence of operations that the switch performs when it boots are: 

1. Perform startup self tests. 

2. Perform the install override option. 

3. Load the EPROM release as the INSTALL boot. 

4. Inspect and check INSTALL information. 

5. Load the required EPROM or FLASH release as the main boot. 

6. Start the switch. 

7. Execute the boot script, if one has been configured. 
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If a terminal is connected to asynO, a series of status and progress messages 
similar to those shown in Figure 1 on page 34 are displayed during the startup 
process. 



Figure 1: switch startup messages. 



INFO 


Self tests beginning. 


INFO 


RAM test beginning. 


PASS 


RAM test, 4096k bytes found. 


INFO 


BBR tests beginning. 


PASS 


BBR test, 12 8k bytes found. 


PASS 


BBR test. Battery OK. 


INFO 


Self tests complete 


INFO 


Downloading router software. 


Force EPROM download (Y) ? 


INFO 


Initial download succeeded 


INFO 


Executing configuration script <boot.cfg> 


INFO 


Router startup complete 


Manager > 



The startup self tests check the basic operation of the switch. If your switch 
passes these tests the switch should be able to at least proceed far enough to 
perform the load of the EPROM release and to start operating. 



The install override option is designed to allow a mandatory switch boot from 
the EPROM release. The message: 

Force EPROM download (Y) ? 

is displayed on the terminal connected to asynO and the switch pauses. If you 
do not press a key within a few seconds, the startup process will continue and 
all steps in the sequence are executed. If the [Y], [S] or [Ctrl/D] key on the 
terminal are pressed immediately after the message is displayed, you can alter 
the switch startup process (Table 3 on page 34). 



Table 3: switch startup sequence keystrokes. 



Pressing key... 


Forces the switch to... 


Y 


Load the EPROM release, with no patch, and skip straight to step 6. 


S 


Start with the default configuration. Any boot script configuration is 




ignored. 


[Ctrl/D] 


Enter diagnostics mode. 



When you start the switch the EPROM release is always loaded first. The 
EPROM release contains all the code required to obtain and check the 
INSTALL information. This first boot is known as the INSTALL boot. The 
INSTALL information is inspected and the switch is setup to perform another 
load. Even if the actual release required is the EPROM release, another load is 
always performed. At this point, if a patch load is required, it is also 
performed. 

The switch startup occurs immediately after the install override option, or after 
the INSTALL information check. The INSTALL information check performs a 
full startup of switch software and initiates the normal operation of the switch. 

Finally, if there is a defined boot script, this script is executed. 
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How to Avoid Problems 



If you perform the following procedures you may help reduce the likelihood 
and impact of some future switch events. 

Set system territory 

Set the system territory to the country or region in which the switch is 
connected to the network. Some protocols are implemented in differently in 
some countries. To ensure that the switch uses variants that will work in the 
country your switch is routing in, enter the command: 

SET SYSTEM TERRITORY^ {AUSTRALIA | CHINA | EUROPE | JAPAN | KOREA | 
NEWZEALAND | USA} 

Backup software files 

Store a backup of the current switch software. If the switch software is 
accidentally cleared from the switch's FLASH memory, you will need to reload 
the software release and patch files. If your access to the Internet is via the 
switch, then you will need the files on your LAN. You may wish to keep a copy 
of the current software and patch files on a TFTP server on your network. You 
can download switch software from the support site at 
http://www.aniedtelesyn.co.nz/support/at8700xL 

Backup configuration script 

Store a backup of the latest configuration script, in case the configuration file 
on the switch is accidentally deleted or damaged. 

Backup switch 

If your network has many switches, you may wish to keep a backup switch 
ready to replace any switch that malfunctions. When you upgrade the software 
release or patch on the other switches in the network, upgrade the backup too. 
Store on it one current config script for each switch in your network, so that 
when it is needed, you need only set the configuration file with which it boots 
to match the switch it replaces. 

Configure logging 

The logging facility stores log messages for events with a specified severity in a 
log file. You can change the size of the log file, and the kind of messages 
recorded. You can configure the switch to output log messages in several ways, 
including to a remote switch with a specified IP address, or as an email to a 
particular email address. The switch can also receive log messages from 
another switch. Set the Logging Facility to log and forward the log messages 
you need to monitor your network (see the Logging Facility chapter in the 
AT-8700XL Switch Software Reference). Inspect the log file from time to time, and 
if difficulties arise. 



Software Release 2.5.1 
C61 3-02030-00 REV A 



36 



AT-8700XL Series User Guide 



FLASH compaction 

If the FLASH memory gets filled beyond a certain level, it will automatically 
activate FLASH compaction to recover any space that is made available from 
deleted files. You can also activate FLASH compaction manually if required. 



While FLASH is compacting, do not restart the switch or use any commands 
that affect the FLASH file subsystem. Do not restart the switch, or create, edit, 
load, rename or delete any files until a message confirms that FLASH file 
compaction is completed. Interrupting flash compaction may result in damage 
to files. Damaged files are likely to prevent the switch from operating correctly. 



Watch for software updates 

From time to time patches may be released to improve the function of your 
switch software, and new software releases make new features available. 
Watch for patches and new software releases on the support site at 

http://www.alliedtelesyn.co.nz/support/at8700xl . 



What to do if you clear FLASH memory 
completely 



DO NOT clear the FLASH memory completely. The software release files are 
stored in FLASH, and clearing it would leave no software to run the switch. 



If you accidentally do this, you will need to: 

1. Boot with default configuration. 

Reboot the switch from a terminal connected the asynchronous terminal 
port (not Telnet). Use the install override to run the default configuration 
(see "How the Switch Starts Up"). 

2. Log in. 

Log in to the switch using the default password friend for the manager 
account. 

3. Put current software release on server. 

Make sure you have the current software release and patch files on a server 
connected to the switch by the switch port or Ethernet port. Current 
software release and patch files are downloaded from the support site at 

http://www.alliedtelesyn.co.nz/support/at8700xl . 

4. Assign an IP address. 

Assign an IP address to the switch interface over which the software files 
are downloaded. 

5. Load software files onto switch. 

Load the required software and patch onto the switch (see "Loading Releases 
and Patches into the Switch" on page 17). 
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6. Set the install information. 

Set the switch to use the software installed (see "Upgrading Switch 
Software"). 

7. Reconfigure the switch. 

If you have a copy of the recent configuration file stored on your network, 
you can download this onto the switch too. Otherwise you will need to re- 
enter all configuration. 



While FLASH is compacting, do not restart the switch or use any commands 
that affect the FLASH file subsystem. Do not restart the switch, or create, edit, 
load, rename or delete any files until a message confirms that FLASH file 
compaction is completed. Interrupting flash compaction may result in damage 
to files. Damaged files are likely to prevent the switch from operating correctly. 



If you accidentally restart the switch, or use any commands that affect the 
FLASH file subsystem, contact your authorised distributor or reseller. You may 
have to return the switch to the factory. 



What to do if Passwords are Lost 



If a user forgets their password, to reset the password from an account with 
MANAGER privilege, enter the command: 

SET USER= login -name PASSWORD=pas sword 

You can reset passwords for accounts with MANAGER privilege with the same 
command, provided the manager can login to at least one account with 
MANAGER privilege. 

If you require further assistance contact your authorised distributor or reseller. 



Getting the Most Out of Technical 
Support 

For online support for your switch, see our on-line support page at 

http://www.alliedtelesyn~co.nz/support/at8700xL 

If you require further assistance, contact your authorised distributor or reseller. 
Gather as much of the following information from your switch and network as 
you can. This gives the support personnel as much information as possible to 
diagnose and solve your problem. They may ask you to send the information 
to them by email. 

Gather this information: 

■ Your name, organisation and contact details. 

■ What is the make and model of your switch? 

SHOW SYSTEM 
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■ Which software release and patch files is your switch running? For 
example, 87-251. rez. Enter the command: 

SHOW INSTALL 

■ What software configuration is currently running? Enter the command: 

SHOW CONF DYN 

■ How is the switch connected to your network? A diagram showing the 
physical configuration of the network your switch is operating in may be 
useful. 

■ To get debugging output, enter the command: 

SHOW DEBUG 

■ Depending on the problem, the support personnel may also ask you for the 
output from the following commands (see the Monitoring and Fault 
Diagnosis section in the Operations chapter, AT-8700XL Switch Software 
Reference): 

SHOW EXCEPTION 
SHOW STARTUP 
SHOW LOG 
SHOW CPU 
SHOW BUFFER 



Troubleshooting DHCP IP Addresses 



Your switch is acting as a DHCP client 

If your switch is acting as a DHCP client the router should receive its IP 
address dynamically. If your switch is not receiving an IP address, check that 
the domain name and host name are correct. 

Your switch is acting as a DHCP server 

If your switch is not assigning IP addresses to a host, or hosts, on the subnet 
perform this procedure: 

1. Reboot the host machine, to force it to re-request IP settings. 

2. Check the host's TCP/IP settings. 

In Microsoft® Windows™ 95/98, click Settings -> Control Panel -> 
Network. Select TCP/IP and click Properties. Click Obtain an IP address 
automatically. 

In Microsoft® Windows™ 2000, click Settings Control Panel 
Network and Dial-up Connections — > Local Area Connection — > 
Properties. Select Internet connection (TCP/IP) and click Properties. Click 
Obtain an IP address automatically. 

3. Check that the DHCP server has a large enough range of addresses. To 
assign a range, enter the command: 

CREATE DHCP RANGE 
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Resetting Switch Defaults 



To restart the switch at any time with no configuration, enter the command: 

RESTART ROUTER CONFIG=NONE 

If boot . cf g has changed, to set it back to the default configuration by saving 
the default dynamic configuration to the boot . cf g file, enter the command: 

CREATE CONFIG=boot .cfg 

To set the switch to restart with the boot configuration file, enter the command: 

SET CONFIG=boot .cfg 



DO NOT clear the FLASH memory completely. The software release files are 
stored in FLASH, and clearing it would leave no software to run the switch. 
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